SimpleID 0.6 released

Beta version 0.6 of SimpleID, a simple, personal OpenID provider written in PHP, has been released.

Upgrading to version 0.6 is strongly recommended. To download, go to SourceForge.

What's new in SimpleID 0.6

More secure. SimpleID 0.6 contains a number of security enhancements. These include:

Digest authentication. Previous versions of SimpleID sends your password as plain text to the server. A new authentication process has been implemented so that your password is never sent as plain text. Note that this may require some changes to your configuration options. See Installing and upgrading below.

Protection against automated attacks. Form handling code has been enhanced to prevent automated attacks.

More convenient. SimpleID version 0.6 new has the ability to remember your login.

Installing and Upgrading

SimpleID version 0.6 introduced a new log in system. The new system allows you to log in to SimpleID without sending your password in plain text. Your password is used to create a cryptographic digest, which is then sent to the SimpleID server and verified.

As a result, you need to be aware of two things:

You browser must have JavaScript switched on in order to use the new log in system. If JavaScript is not switched on, SimpleID reverts to the "legacy" log in system used in previous versions, subject to the important
point below.

By default, SimpleID version 0.6 will not accept logins under the legacy system. You can override this by putting the following line in your config.inc:

define('SIMPLEID_ALLOW_LEGACY_LOGIN',true);

It is STRONGLY RECOMMENDED that you DO NOT switch the legacy login system on, as it is substantially less secure than the new login system. Use this ONLY if your browser does not support JavaScript.

Known Issues

Some users continue to report authentication issues when using SimpleID. These are being investigated.